Chromium Code Reviews| Index: extensions/browser/url_request_util.cc |
| diff --git a/extensions/browser/url_request_util.cc b/extensions/browser/url_request_util.cc |
| index c7347cdbe956a4fc74d847daccf7175c1b3885d2..20e32c61b77d19208bb7ce156c7bc4a895d2415c 100644 |
| --- a/extensions/browser/url_request_util.cc |
| +++ b/extensions/browser/url_request_util.cc |
| @@ -152,17 +152,16 @@ bool AllowCrossRendererResourceLoadHelper(bool is_guest, |
| const std::string& resource_path, |
| ui::PageTransition page_transition, |
| bool* allowed) { |
| - // |owner_extension == extension| needs to be checked because extension |
| - // resources should only be accessible to WebViews owned by that extension. |
| - if (is_guest && owner_extension == extension && |
| - WebviewInfo::IsResourceWebviewAccessible(extension, partition_id, |
| - resource_path)) { |
| - *allowed = true; |
| - return true; |
| - } |
| + if (is_guest) { |
| + // An extension's resources should only be accessible to WebViews owned by |
| + // that extension. |
| + if (owner_extension != extension) { |
|
alexmos
2017/03/23 18:23:53
Seems like the old check also allowed web-triggera
lfg
2017/03/23 18:49:40
This is a bug I fixed in the past, but Paul reintr
|
| + *allowed = false; |
| + return true; |
| + } |
| - if (is_guest && !ui::PageTransitionIsWebTriggerable(page_transition)) { |
| - *allowed = false; |
| + *allowed = WebviewInfo::IsResourceWebviewAccessible(extension, partition_id, |
| + resource_path); |
| return true; |
| } |